No matter where you work – be it a corporate office, a retail store, healthcare institution, place of academia or government agency – every employee has a role to play in ensuring your organization maintains good security hygiene.
The reality in today’s connected world is that the attack surface is expanding, creating more points of entry and potential vulnerabilities for attackers to capitalize on. As this continues to be the case, it’s becoming even more crucial to make sure every person involved in an organization realizes their role in protecting it. Ensuring online safety and security in a connected workplace requires education and awareness, especially as cybercriminals are getting smarter and preying on human psychology to trick even trained employees into making mistakes.
Keeping employees up to date on critical areas of cybersecurity is one of the most helpful ways to keep your organization secure. In fact, a recent study found that human error accounted for 47% of data breaches, more than any other cause. Given that employees are a major concern in keeping a company safe, they need to know what steps to take to protect their employers – and themselves – from cybercrime.
As your first line of defense against attacks, employees should be knowledgeable about the following critical cybersecurity areas:
- Secure physical devices and workspaces: Employees need to understand that it is their job to maintain a secure workspace. This includes securing their laptop and mobile phone from potential thieves, keeping data encrypted if they put it on a USB and not leaving sensitive information, such as documents or their password, lying around the office. Simple measures such as locking the computer when walking away from it, never leaving their laptop in the car or unattended in a public place and shredding all sensitive documents are easy ways to keep data secure in the office.
- Protect data with strong passwords: An employee’s password is the gateway to all sensitive data they have access to as a member of your organization. Make sure your employees have a strong password for all of their accounts, change it often and never use the same password twice. Cybersecurity trainings can teach employees unique tricks like thinking of an easy-to-remember phrase and switching around letters to create a complicated password that is still simple for them to remember.
- Prevent malware or other attacks: Phishing, ransomware and other attacks are something all employees should be aware of. Your employees should learn how to look for signs of suspicious emails, such as unknown senders, links that don’t point to where they claim to point or attachments that they weren’t expecting. Emails that use fear – such as asking a user to click on a link to ensure they don’t get locked out of their account – or reward – such as promising a gift card if they click on a link to fill out a survey – are other common tactics that employees should be aware of. Thinking critically before they click is a baseline tactic that all employees should know.
As attacks continue to become more pervasive and more targeted, we are increasingly seeing cybercriminals socially engineer attacks to exploit human nature and take advantage of victims’ fear and willingness to be helpful or please others. Now, more than ever, ongoing cybersecurity education and training is critical for all employees.